What's New in Teams Calling, Meetings and Devices March 2024
International Cooperation Experiences: Results Achieved, Lessons Learned, and Way Ahead
1. International Cooperation Experiences:
Results Achieved, Lessons Learned, and Way Ahead
Salvatore D'Antonio, Luigi Romano
Consorzio Interuniversitario Nazionale per l'Informatica (CINI), Italy
{salvatore.dantonio, luigi.romano}@uniparthenope.it
Craig Gibson
BCE and Bell Group of Companies, Canada
craig.gibson@bell.ca
MatteoMelideo
Engineering Ingegneria Informatica, Italy
matteo.melideo@eng.it
Abstract. In this paper we discuss the experience we had with international co-
operation initiatives within the context of three projects, funded by the Euro-
pean Commission within the context of FP6 and FP7. We provide a summary of
the main technical achievements which were directly related to international
cooperation, and present the workplan for future research, with respect to inter-
national cooperation. Besides the technical aspects, we discuss the pros and
cons of the specific funding tools on which international cooperation was based
at the time of these projects, and comment on the opportunities offered by up-
coming funding initiatives for International Cooperation.
Keywords: Open Source Software, Software Quality, Critical Infrastructure
Protection, Synchrophasors, Security Information and Event Monitoring,
Global Positioning System.
1 Rationale and Contribution
We claim that international collaboration is highly beneficial, in that research greatly
benefits from diverse cultural and scientific backgrounds, and problem domain con-
texts. To support our claim, we provide tangible evidence of remarkable technical
achievements that international cooperation has brought about. More specifically, we
discuss the experience we had with international cooperation initiatives within the
context of three projects, namely: QualiPSo, INSPIRE (and its accompanying action
INSPIRE-INCO), and MASSIF. The main contribution of this paper is thus an over-
view of the main technical achievements which were directly related to international
cooperation. In a nutshell: QualiPSo demonstrated that in the software development
2. 2 International Cooperation Initiatives: Results Achieved and Lessons Learned
domain, international cooperation favours the creation of consensus around common
practices, to guarantee higher quality of the final product; INSPIRE demonstrated that
Critical Infrastructure Protection must rely on techniques that are compatible, and
scalable; MASSIF demonstrated that sharing experience and factorizing interests may
widen the scope of individual research plans. While QualiPSo and INSPIRE are now
over, MASSIF is an ongoing project. For it, besides commenting the results achieved
so far, we also present the workplan for future research, with respect to international
cooperation. The technical details are in sections 2, 3, and 4 with reference to
QualiPSo, INSPIRE, and MASSIF, respectively.
Another important contribution of the paper is a discussion of the pros and cons of the
specific funding tools on which international cooperation was based at the time of
these projects, as well as an analysis of the opportunities for international cooperation
provided by “Call 9: Objective ICT-2011.10.3: International partnership building and
support to dialogues”. This is detailed in section 5. We emphasize that, while we look
with interest at the opportunities provided by this initiative for the organisation of
events and the strengthening of cooperative research links between European organi-
sations and relevant organisations in Canada, what we really look for is a funding tool
providing direct support to research activities.
2 The QualiPSo Experience
2.1 Short description of the Project
QualiPSo [1] was a project funded by the European Commission (EC) under the FP6,
which ended in January 2011. When it was conceived, Open Source was making the
transition from a mere development approach (as well as a paradigm, a life style, and
a philosophy just for hackers or hobbyists) to a novel and efficient business approach.
In fact, at that time the ICT economy was undergoing a deep transformation, moving
from a product-oriented to a service-oriented business, with the Web playing a lead-
ing role and Open Source identified as a key enabler of this paradigm shift (it is worth
mentioning that an article from BBC, dated 21 Jan 2009, claimed that “The secret to a
more secure and cost effective government is through open source technologies and
products.”) [2]. In this new paradigm for the IT domain, where the economy is based
on services, interoperability among provided and consumed services becomes essen-
tial for the survival of the business model itself, which mandates for open and inter-
operable technological standards. Open Source facilitates and supports the definition
of open standards, thus favouring the development of interoperable systems, and ulti-
mately avoiding vendor lock-in. However, while Open Source has a deep penetration
in the academic domain and in some market niches, several industrial domains are
still reluctant to use Open Source software products or services or to adopt an Open
Source process as their own software production environment. There were (and there
are) many persistent myths and yet unsolved drawbacks that made the industry scepti-
cal about Open Source real benefits. One of the objectives of the QualiPSo project
3. International Cooperation Initiatives: Results Achieved and Lessons Learned 3
was to prove (and demonstrate) the quality of Open Source software and of the proc-
esses used for producing it, in order to demolish with facts the false myths about lack
of support and maintenance, or about the low quality of Open Source software. An-
other important objective of the QualiPSo project was to address some of the main
open issues of Open Source software, and in particular: (i) the intellectual property
issues that require a clarification and simplification of the licensing matters, (ii) the
lack of a qualified and specialized educational program in high education about Open
Source, and (iii) the fragmentation of the Open Source community. In order to over-
come the above mentioned issues and benefiting from the favourable economic con-
text, the QualiPSo initiative was conceived. QualiPSo aimed at making a major con-
tribution to the state of the art and to the practice of Open Source Software. The goal
was to define and implement technologies, procedures, and policies to leverage the
Open Source Software development current practices to sound and well recognized
and established industrial operations. Eighteen international companies and research
groups (from Europe, Brazil, and China) worked together in the project for fifty-one
months. The project brought together software companies, application solution devel-
opers, and research institutions. It was driven by the need of having for Open Source
software the appropriate level of trust which would make Open Source development
an industrial and wide accepted practice.
2.2 Specific Results Achieved
QualiPSo intended to address in a comprehensive way the main research aspects af-
fecting the adoption of Open Source solutions in an industrial business context. This
means to address aspects concerning legal issues, business models, interoperability (at
the organizational and at the technical level), data and information management, qual-
ity and trustworthiness (of the products and processes), and - last but not least - col-
laborative development environments more suited for an industrial adoption. Specifi-
cally, the main technical and scientific results achieved were [3]:
An IPR Tracking Methodology, a Licence Compatibility methodology (with a
supporting prototype), and a framework for an International Legal Issue web por-
tal;
A set of strategies for Industries and SMEs to move towards an Open Source
paradigm, and the business models for its adoption and sustainability;
A set of methods, specifications, and proof-of-concepts to handle technical, se-
mantic, and organizational interoperability;
Prototypes to perform conceptual and semantic searches on heterogeneous
sources of information available within a specific forge, supported by advanced
and innovative navigation systems to manage query results;
Two methods (namely: Model of Open Source Software Trustworthiness –
MOSST, and Open Source Maturity Model - OMM), and a supporting quality
software suite for the measurement of the quality of OSS products and processes;
The prototype of an innovative forge (named QualiPSo Factory) with novel func-
tionality, a modular and lightweight architecture, new services, and a new user
friendly and usable User Interface.
4. 4 International Cooperation Initiatives: Results Achieved and Lessons Learned
In addition to the above mentioned technical and scientific results, the QualiPSo pro-
ject fostered and supported the creation of a network of Open Source Competence
Centres (CC) to sustain and promote QualiPSo results using them as a leverage for a
wider and more conscious adoption of Open Source worldwide. The original plan was
to open CCs only in Brazil, Spain, Germany, Italy and China, but in the end CCs were
also opened in Japan and Poland [4]. The idea was to create these CCs in different
regions of the world, to complement and support the already existing local initiatives
in the education and awareness on the benefits of the Open Source paradigm thanks to
the new knowledge, expertise, and technologies deriving from the QualiPSo experi-
ence. Most of these CCs were built in the wake of already existing initiatives (i.e.
Berlios in Germany and Morfeo in Spain), while others started from scratch exploit-
ing the strategic programs (running or planned) defined by the respective Govern-
ments for the massive adoption of Open Source solutions in the Public Administration
(both local and central). Each QualiPSo CC has to be a physical place which operates
and provides more congenial services to its operative context but, to be recognised as
a QualiPSo Competence Centre, it must reuse technologies, procedures, and policies
produced by QualiPSo and should be part of the QualiPSo Network. To be part of the
Network each CC must sign an agreement once its request of joining is accepted by
the other members [5]. This agreement is the “Table of Law” which works like a
framework to ensure coherency within the network and providing rules and regula-
tions needed by the QualiPSo Network to accomplish its mission and guaranteeing
uniformity, transparency, and efficiency in the relations amongst CCs and between
individual CCs and the QualiPSo Network as a whole. This organization also allows
dealing with diversity. Each competence centre can become part of the network but at
the same time this partnership does not preclude the adoption of different legal
frameworks and different business models. The Brazilian, Spanish, German, Italian
and Chinese CCs were born under the umbrella of the QualiPSo contractual commit-
ment, but the quality and novelty of the QualiPSo results together with the idea of the
network encouraged two new competence centres to join: one in Japan and one in
Poland. While the Polish CC was opened by one of the partners of the QualiPSo pro-
ject, the Japanese one (part of the Information-Technology Promotion Agency - IPA
[29]) had no relationships with QualiPSo but contacted the Network to join since they
were interested in part of the QualiPSo results. Specifically, in Japan the Government
was pushing and investing for the adoption of Open Source solutions and IPA wanted
to offer services for the measurement of the quality of Open Source solutions to be
used. IPA identified those offered by QualiPSo as possible candidates for use. In addi-
tion, IPA identified in the participation to the network the possibility to rely on the
support of the other CCs for testing and adapting the identified QualiPSo solutions. It
is worth emphasizing that the QualiPSo approach made the following innovative
contributions: (i) a new way to sustain project results - by interconnecting Industries,
Academia, Public Administrations, and Open Source Communities - driven respec-
tively by the their needs, their inputs, and their support; (ii) the federated organization
of the network of CCs, that allowed individual centers to act locally (exploiting the
characteristics and needs of specific countries), while cooperating globally (exploiting
the expertise and skills of other competence centres belonging to the network).
5. International Cooperation Initiatives: Results Achieved and Lessons Learned 5
3 The INSPIRE+ INSPIRE-INCO Experience
3.1 Short description of the Project
INSPIRE (INcreasing Security and Protection through Infrastructure Resilience) was
a STREP targeting Objective ICT-SEC-2007.1.7: Critical Infrastructure Protection[6].
Since the key enabling technology of Critical Infrastructures is SCADA (Supervisory
Control And Data Acquisition) systems, INSPIRE focused on enhancing the security
of such systems. In the recent years coordinated and targeted cyber-attacks have been
conducted against critical infrastructures rising to an unprecedented level of sophisti-
cation. Simple experiments are now turning into sophisticated activities carried out
for profit or political reasons. The core idea of the INSPIRE project was to protect
Critical Infrastructures by appropriately configuring, managing, and securing the
communication network which interconnects distributed process control systems. To
increase the resilience of such systems INSPIRE developed traffic engineering algo-
rithms, self-reconfigurable architectures, and intrusion diagnosis and recovery tech-
niques.
The INSPIRE thread of research was augmented by means of an additional action,
namely the INSPIRE-INCO (INSPIRE-International Cooperation) Project, within the
context of call ICT-2009.9.2: Supplements to Support International Cooperation be-
tween Ongoing Projects [7]. The INSPIRE-International cooperation project specifi-
cally aimed at supporting the international cooperation between the INSPIRE project
and the US GridStat project [28], by fostering the collaboration between INSPIRE
researchers and GridStat researchers in the field of power grid protection. This col-
laboration aimed at the following objectives: 1) Making US power grid data available
to INSPIRE, and 2) Establishing relationships with US partners, and exchanging US-
EC experiences and demonstration activities.
3.2 Specific Results Achieved
INSPIRE mainly focused on how to increase the protection level of SCADA sys-
tems, the key component of most legacy, contemporary, and future Critical Infrastruc-
tures. In this section, we present the conceptual architecture of the diagnostic and
reconfiguration scheme which was developed within the context of the INSPIRE pro-
ject, and then extended to the US context, thanks to the additional funding provided
by the INSPIRE-INCO project.
The INSPIRE architectural framework for SCADA systems resilience and security
comprised three main functional blocks, namely: (i) Monitoring, (ii) Diagnosis, and
(iii) Reconfiguration. Monitoring aims at gathering and aggregating status data from
diverse parts of a SCADA system: communication network, Remote Terminal Units,
wireless sensors, wired sensors, and supervisory stations. In order to cope with the
heterogeneity of the formats of diagnostic data, grammar-based parsers were em-
ployed to translate raw events to an intermediate format. The INSPIRE monitoring
sub-system built on our previous experience [8], specializing it to the context of
SCADA systems. After parsing, data collected by individual probes is merged in a
6. 6 International Cooperation Initiatives: Results Achieved and Lessons Learned
single stream, which feeds a set of diagnostic systems, implementing diverse diagno-
sis approaches. Based on diagnosis outputs, the most suitable reconfiguration tech-
nique (to treat the specific intrusion/fault) is selected. An example of reconfiguration
is to implement routing mechanisms that make the communication infrastructure of a
SCADA system resilient to both node/link failures and attacks, by guaranteeing time-
liness and reliability of data delivery.
Special attention was paid to the vulnerability of power grids. The widespread use
of SCADA systems for control of power grids is providing increasing ability to cause
serious damage and disruption by means of cyber-attacks. In order to improve the
accuracy and coherency of SCADA systems, utilities are more and more integrating
Phasor Measurement Unit (also known as synchrophasors) into existing
SCADA/EMS (Energy Management Systems). We performed a thorough security
analysis of two key technologies which enable data collection in Power Grids, namely
synchrophasor devices and Phasor Data Concentrators (PDCs). We emphasize that the
study was conducted on a commercial product by a major vendor (as far as the syn-
chrophasor is concerned), and on a widely used open source product (as far as the
PDC is concerned). We set up a simplified - yet realistic - testbed, and we conducted
a penetration testing campaign against the two aforementioned components. As a
result of the testing sessions, we exposed several vulnerabilities, some of which can
be easily exploited for conducting attacks to current smart grid data collection infra-
structures if proper measures are not taken and additional protection devices are not
integrated in the system.
Fig. 1 shows the testbed we used for our security analysis. Even though the testbed
architecture is a simplified version of a real set-up (which would typically consist of
multiple hierarchal levels of PDCs, and also include additional components with the
capability of enforcing specific protection mechanisms), we emphasize that our test-
bed is based on components which are actually used in current Smart Grid deploy-
ments. Thus, many of the vulnerabilities that we expose in our study may well be
present in real set-ups, especially those - which are not rare indeed - where security-
related best practices have been disregarded. Commercial products and/or best prac-
tices that provide answers to some of the problems which we have pointed out in-
clude: [10, 11, 12, 13, 14, 15, 16, 17, 18].
Figure 1: Schematic representation of the experimental testbed
7. International Cooperation Initiatives: Results Achieved and Lessons Learned 7
In the following, we provide a short summary of the key findings of the study. A
more detailed treatment is available in [19].
The password management and maintenance subsystem has several security weak-
nesses, and in particular: (i) the default passwords are very common and consist of
simple alphabetic strings, which are vulnerable to dictionary attacks, (ii) passwords
are editable but no constraints is given for the strength of new passwords, (iii) multi-
ple levels can share a common password, and (iv) passwords can be totally disabled
via hardware intervention, by tampering with the front panel and setting a jumper off.
The system is vulnerable to man-in-the-middle attacks. A malicious eavesdropper
can intercept the messages exchanged between one of the synchrophasors and the
PDC and modify parameter values or even impersonate the synchrophasor.
The PDC application receives data streams from many different synchrophasors
deployed across the monitored smart grid, using the C37.118 protocol [20]. We have
demonstrated that by carefully crafting C37.118 protocol messages, it is possible to
inject malicious SQL code to the back-end database.
Another important achievement of this international cooperation was access to real
large scale and varied power grid data. The North American grid provides data from
US electricity providers (including: AREVA, BBN, ABB-USA, and Siemens-USA),
on a scale which is not achievable on the currently (relatively) limited EU grid size.
The INSPIRE-INCO action contributed to overcome this limitation in the current EU
grid data availability. An experimental testbed for power grid data collection was set-
up, and is still operational at the time of this writing. Two synchrophasor devices
(specifically, Frequency Disturbance Recorders) were installed, one in Naples (Italy)
and one in Darmstadt (Germany), which are connected to the US network of the
FNET group of the University of Tennessee, Knoxville [9].
4 The MASSIF Experience
4.1 Short description of the Project
Security Information and Event Management (SIEM) solutions have become the
backbone of virtually all security infrastructures. They collect data on events from
different security elements, such as sensors, firewalls, routers or servers, analyze the
data, and provide a suitable response to threats and attacks based on predefined secu-
rity rules and policies. Despite the existence of highly regarded commercial products,
their technical capabilities show a number of constraints in terms of scalability, resil-
ience, and interoperability. The MASSIF project aims at achieving a significant ad-
vance in the area of SIEMs by integrating and relating events from different system
layers and various domains into a more comprehensive view of security-aware proc-
esses and by increasing the scalability of the underlying event processing technology.
The main challenge that MASSIF will face is to bring its enhancements and exten-
sions to the business layer with a minimal impact on the end-user.
8. 8 International Cooperation Initiatives: Results Achieved and Lessons Learned
4.2 Specific Results Achieved and Expected
Two representatives of the MASSIF project (namely: Luigi Romano and Salvatore
D'Antonio) participated in the First Canada EU Workshop on the “Future Internet”,
which was held in Waterloo, Ontario, Canada from 23 to 25 March, 2011. The major
objective of the workshop was to explore prospects for deeper exchange and collabo-
ration between the Canadian and European research communities in the area of “Fu-
ture Internet (FI)” in Europe. With this workshop, EU and Canadian researchers were
offered an opportunity to directly interact, to be updated on the respective research
status, and to explore areas for potential cooperation. The event was designed to ad-
dress industry interests and to provide prospective Canadian partners with an oppor-
tunity to participate in EU research related to the Future Internet. At the Waterloo
workshop Luigi Romano and Salvatore D'Antonio had technical discussions with
Craig Gibson on the possibility of addressing research issues related to Global Posi-
tioning System (GPS) spoofing attacks on synchrophasor networks. The basic idea is
to use satellite simulator devices to perform an attack to synchrophasor networks by
providing an altered time reference to the measurements acquired by synchrophasors
deployed in a specific area. Synchrophasor devices rely on civilian GPS to acquire a
synchronized time reference for their phase and frequency measurements. It has been
proven that civilian GPS, unlike its military version, is inherently not secure [21], as it
does not provide any encryption [22]. For this and other reasons the spoofing of the
GPS signal is relatively easy to implement [22] and GPS satellite simulators are avail-
able on the market for the testing of navigation and other GPS based applications [24,
25, 26]. The effects a successful attack based on these technologies could range from
the invalidation of the acquired phasor measurements to the injection of a false phase
shift detection. We explicitly note that the detection of a phase shift is a high priority
alarm, since it predicts a major failure of the power grid. An actual example is pro-
vided by the Aug. 14th, 2003 Blackout in the US (Fig. 2)
Figure 2. Phase shift prior the black-out
According to NERC: “A valuable lesson from the August 14 blackout is the impor-
tance of having time-synchronized system data recorders. NERC investigators labored
over thousands of data items to synchronize the sequence of events. … That process
would have been significantly improved … if there had been a sufficient number of
synchronized data recording devices.” [27].
9. International Cooperation Initiatives: Results Achieved and Lessons Learned 9
A preliminary research work plan was defined, which was then improved and ex-
tended in the months which followed the event. The finalized research plan was pre-
sented in the International Cooperation Working Group session at the Internet of Ser-
vices 2011 Collaboration Meeting for FP7 Projects, which was held in Brussels, from
28 to 29 September 2011. The presentation raised significant interest in the audience,
and we do believe we have identified a relevant research path, which we are willing to
explore in depth. Our plan is to investigate the feasibility and possible consequences
of GPS Spoofing based attacks on synchrophasor networks. In order to do so, the first
step has been the definition of the main attack scenarios to be investigated. Based on
the results of this activity, the requirements for the testbed have been specified. The
testbed reproduces in a laboratory environment a realistic set up for a synchrophasor
network, and allows the implementation of the attack scenarios of interest. The test-
bed - as illustrated in Fig. 3 - includes the core components of a synchrophasor net-
work (specifically: synchrophasor devices, a communication network, and a Phasor
Data Concentrator application, the visualization and monitoring point), and the GPS
spoofing equipment (i.e. the GPS satellite signal simulator and the control and attack
software). Additional components (such as the power line controlled by the synchro-
phasor) will be integrated in the testbed using software mock-ups, which will mimic
the behaviour of the corresponding real objects, based on the specifications set out in
the attack scenario definition. The use of mock-ups has the important advantage of
allowing us to evaluate the effects of the attacks in detail while keeping the cost of the
testbed (and of the experiments) acceptable.
Figure 3: GPS Spoofing attack experimental testbed for a synchrophasor network
At the time of this writing, the architecture of the testbed has been designed, and
all the hardware and software components are already available in our lab in Naples.
The testbed has been deployed and configured, and correct operation of all system
subparts has been tested. We are now in the process of starting the experiments, i.e.
implementing the attack scenarios defined in the first phase and collecting the results.
In the experimental campaign we will use a GPS spoofing system to generate fake
GPS signals, and monitor the synchrophasor network to analyze the actual conse-
quences of the injection of false GPS data in the system. The campaign will consist of
multiple phases, which will be repeated iteratively. At each iteration, we will observe
the results, and use them to fine tune the attacks in the next iteration. For each attack
scenario, a report will be produced that will describe the most significant intrusions
10. 10 International Cooperation Initiatives: Results Achieved and Lessons Learned
which have been observed and, most importantly, analyze the severity of the conse-
quences on the synchrophasor network. Finally, an attempt will be made to come up
with possible countermeasures for limiting the effects of the attacks.
5 Conclusions and Wish List
In this paper, we have provided tangible evidence of remarkable technical achieve-
ments that international cooperation has brought about. The QualiPSo project demon-
strated that in the software development domain, international cooperation favours the
creation of consensus around common practices, to guarantee higher quality of the
final product, which ultimately results in the establishment of trust, the key enabler of
technology take up. The INSPIRE (and INSPIRE-INCO) project demonstrated that
Critical Infrastructure Protection, given the ever increasing interconnections between
national and continental setups, must rely on techniques that are compatible, and scal-
able. The MASSIF project demonstrated that sharing experience and factorizing inter-
ests may widen the scope of individual research plans.
Besides the technical aspects, a few comments are in order with respect to the
funding schemes. In QualiPSo, International Cooperation was a main characteristic of
the project since its inception. This resulted in efficient and smooth interaction among
international partners. To create an international network of centres dedicated to the
promotion and to the adoption of project outputs is the easiest way to efficiently ex-
ploit and disseminate project results, as well as to test them in real scenarios and to
offer the opportunity to further develop them. This is especially true when the results
produced are Open Source software products, and the best exploitation strategy is to
have communities and potential investors support these results. In INSPIRE the fund-
ing scheme was somehow awkward. It mandated for the pre-existence of two projects
(one funded by the US and one funded by the EC) with significant potential for coop-
eration. Specifically, the two projects were GridStat (funded by an NSF grant) and
INSPIRE (funded by an EC grant). On the US side the additional funding for support-
ing the international cooperation was pumped directly into the GridStat project, while
on the EU side it was routed to a distinct project (namely, INSPIRE-INCO). Handling
two distinct flows of funding, one only for research and one only for mobility, re-
sulted in a number of (unnecessary) difficulties. We have shared this experience at the
International Cooperation Working Group session at the Internet of Services 2011
Collaboration Meeting for FP7 Projects, which was held in Brussels, from 28 to 29
September 2011 and we were assured by EC representatives that the INSPIRE +
INSPIRE-INCO scheme was indeed an exception, with the rule being much more
effective and seamless solutions. We were glad to learn that, and we are keen on find-
ing a joint research avenue/process which can provide additional support for the new
thread of research on GPS spoofing that we have started within the context of the
MASSIF project. We look forward to a funding tool which can provide additional
stamina to this promising collaborative research. We emphasize that the power grid
desynchronization research shown here describes the mechanism by which legacy
11. International Cooperation Initiatives: Results Achieved and Lessons Learned 11
design issues relying on unauthenticated transmission can result in (at a very funda-
mental level) denial of service to critical infrastructures.
Some opportunities for continuing this cooperation seem to be provided by Call 9,
specifically Objective ICT-2011.10.3: International partnership building and support
to dialogues. The target outcome of this action is: “support to dialogues and coopera-
tion with strategic partner countries and regions, to create cooperative research links
between European organisations and partners in third countries”. Regrettably, this
initiative - with respect to High Income Countries (such as Canada) - aims at support-
ing dialogues, and at increasing cooperation, but it does not provide explicit funding
for doing research. While we look with interest at the opportunities provided by this
initiative for the organisation of events and the strengthening of cooperative research
links between European organisations and relevant organisations in Canada, what we
really look for is a funding tool providing direct support to research activities.
6 Acknowledgements
The research leading to these results has received funding from the European Com-
munity’s Sixth Framework Programme (FP6/2002-2006) under Grant Agreement No.
034763 and Seventh Framework Programme (FP7/2007-2013) under Grant Agree-
ment No. 225553 (INSPIRE Project), Grant Agreement No. 248737 (INSPIRE-INCO
Project), and Grant Agreement No. 257475 (MAnagement of Security information
and events in Service Infrastructures, MASSIF Project).
References
1. QualiPSo project website, http://www.qualipso.org
2. Shiels, M.: Calls for open source government, BBC news,
http://news.bbc.co.uk/2/hi/7841486.stm
3. Detailed list of the QualiPSo results, http://www.qualipso.org/documents
4. QualiPSo Competence Centres Presentation, http://www.qualipso.org/competence_centres
5. QualiPSo Network Agreement,
http://www.qualipso.org/sites/default/files/Qualipso%20D8.2%20Network%20Agreement
%20V2.pdf
6. INSPIRE project website, http://www.inspire-strep.eu
7. INSPIRE-INCO project website, http://www.inspire-inco.eu
8. Campanile, F., Coppolino, L., Giordano, S., Romano, L.: A Business Process Monitor for
a Mobile Phone Recharging System. Journal Of Systems Architecture, Elsevier Science
Publishers, Amsterdam, Olanda (2008).
9. Power Information Technology Lab in the Department of Electrical Engineering and
Computer Science at the University of Tennessee, http://powerit.utk.edu/.
10. Secure Communications, Schweitzer Engineering Laboratories, Inc.,
http://www.selinc.com/securecommunications/
11. Cybersecurity, Schweitzer Engineering Laboratories, Inc.,
http://www.selinc.com/cybersecurity/
12. 12 International Cooperation Initiatives: Results Achieved and Lessons Learned
12. Stewart, J., Maufer, T., Smith, R., Anderson, C., Ersonmez, E.: Synchrophasor Security
Practices. Schweitzer Engineering Laboratories, Inc.,
http://www.selinc.com/WorkArea/DownloadAsset.aspx?id=8502
13. Smith, R.: Cryptography Concepts and Effects on Control System Communications.
Schweitzer Engineering Laboratories, Inc.,
http://www.selinc.com/WorkArea/DownloadAsset.aspx?id=5200
14. Hurd, S., Smith, R., Leischner, G.: Tutorial: Security in Electric Utility Control Systems.
Schweitzer Engineering Laboratories, Inc.,
http://www.selinc.com/WorkArea/DownloadAsset.aspx?id=3491
15. Mix, S.: Primer Discussion on Cyber Security: What do the CIP Standards Mean for Syn-
chroPhasors in the future? North American Electric Reliability Corporation (NERC)
http://www.naspi.org/meetings/workgroup/2009_february/presentations/nerc_cyber_securi
ty_mix_20090205.pdf
16. Introduction to NISTIR 7628, Guidelines for Smart Grid Cyber Security, The Smart Grid
Interoperability Panel Cyber Security Working Group,
http://www.nist.gov/smartgrid/upload/nistir-7628_total.pdf
17. Braendle, M.: Cyber security - effectively and efficiently tackling the challenges ahead.
ABB, http://www.abb.com/cawp/seitp202/a6a42387602e83828525784200766310.aspx
18. Hadley, M. D., McBride J. B., Edgar T. W., O’Neil L.R., Johnson J. D.: Securing Wide
Area Measurement System. Pacific Northwest National Laboratory,
http://www.oe.energy.gov/DocumentsandMedia/Securing_WAMS.pdf
19. Coppolino, L., D’Antonio, S., Elia, I. A., Romano, L.: Security Analysis of Smart Grid
Data Collection. Lecture Notes in Computer Science, 2011, Volume 6894/2011, pp. 143-
156, 30th International Conference on Computer Safety, Reliability and Security,
SAFECOMP, Naples, Italy (2011)
20. IEEE Standard for Synchrophasors for Power Systems, IEEE Std C37.118-2005 (Revision
of IEEE Std 1344-1995) , vol., no., pp.0_1-57 (2006)
21. Vulnerability Assessment of the Transportation Infrastructure. (2001),
http://www.fas.org/spp/military/program/asat/gpstrans.pdf
22. GPS Fact Sheet. Global Positioning Systems Directorate,
http://www.losangeles.af.mil/library/factsheets/factsheet.asp?id=5311
23. Warner, J. S., Johnston, R. G.: A Simple Demonstration That the Global Positioning Sys-
tem Is Vulnerable to Spoofing. Journal of Security Administration (2003)
24. CAST Navigation GPS Satellite Simulators, http://www.castnav.com/products/
25. Spectracom GPS Satellite Simulators,
http://www.spectracomcorp.com/ProductsServices/TestandMeasurement/GPSSimulators/t
abid/1268/Default.aspx
26. Aeroflex, GPS Satellite Simulators,
http://www.aeroflex.com/ats/products/category/Avionics/GPS_Simulators.html
27. Brown, S.: Thoughts on the Florida Blackout. http://www.elp.com/index/display/elp-
article-tool-template/_saveArticle/articles/utility-automation-engineering-td/volume-
13/issue-4/departments/from-the-editor/thoughts-on-the-florida-blackout.html
28. Gridstat project website, http://www.gridstat.net/
29. Information Technology Promotion Agency, Japan, www.ipa.go.jp/index-e.html